Do you trust your WiFi – Well don't!

“Free WiFi”

There is a lot of mobile working going on. Every coffee shop with free WiFi is seemingly filled with businessmen between appointment’s. Laptops, tablets & smartphones all hook up semi-automatically to a range of WiFi providers. It’s a no brainer to work on the move right?

WRONG!!!! At the risk of making you very paranoid WiFi is DANGEROUS for your personal data, professional data or any form of communication

When your device tells you it has found a BTOpenzone/The Cloud/O2 WiFi/whatever do you trust it? If so why?

Warning

This will not make you a L337 H4x0r but it hopefully will open your eyes as to how easy it is to compromise WiFi.

WiFi Pineapple

Most wireless devices including laptops, tablets and smartphones have network software that automatically connects to access points they remember. This convenient feature is what gets you online without effort when you turn on your computer at home, the office, coffee shops or airports you frequent. Simply put, when your computer turns on, the wireless radio sends out probe requests. These requests say “Is such-and-such wireless network around?” The WiFi Pineapple Mark IV, powered by Jasager — German for “The Yes Man” — replies to these requests to say “Sure, I’m such-and-such wireless access point – let’s get you online!”

Attack Attack Attack

So if somebody has a WiFi Pineapple set up in your favorite coffee shop then they can be sitting between you and the internet. This is called a Man in the middle attack as your internet communications are all going through the pineapple.

This opens up a whole range of compromise potential.

Hello Operator

A Pineapple allows a hacker to “poison” your DNS. The DNS system is what the internet uses to translate www.google.com into something that a computer understands which is an ip address in this case 173.194.34.145

However if I’m sitting in the middle and have control of your dns I can re route your web browser. Instead of returning 173.194.34.145 as the address of www.google.com I could return 192.168.2.23 which is ACTUALLY the address of a webserver on my laptop.

Is that really you?

Why would I want to do that? Well hackers use a bit of software called Backtrack (now upgraded to Khali. Within Khali there is a “Social Engineering Toolkit”. This will enable you to clone the website and host it locally so that you can harvest peoples user names and passwords. For an overview see this blog post. However imagine that in a coffee shop with a Pineapple you won’t need to do the spoof emails as you control the WiFi network channel and have rerouted the URL automatically through your poisoned DNS.

Social Media

I’m all right jack!

One more thing

Most coffee shops have a sign-on page before you can access the internet. But as we’ve seen above it’s easy for a hacker to insert another page in place of that. If the hacker inserts a page with a zero day exploit on it then they will be able to gain access to your machine, maybe install a key-logger and watch as you type your username & password for ever more.

Help me

There isn’t an awful lot that will help you. You could hard code your DNS entries (8.8.8.8, 8.8.4.4 are the google DNS) but as the Pineapple is in-between you and the internet and all DNS traffic goes over port 53 it would be easy to subvert even that. See here for more info.

Probably the best way is to set up a VPN. See here for more info. BUT if you have “signed into” the coffee shop system and it’s been compromised (as outlined above) then the hacker has your Laptop anyway.

Anything at all?

It’s a bit nerdy and relies on the owner of the Pineapple not doing a good job of configuring it but… Create a wifi profile called “I’m being hijacked” or some such. Make it the highest priority connection in your operating system. Remember the WiFi Pineapple will respond to any requests as “yup, sure, I’m that” If you then see that you are connected to the WiFi with the connection “I’m being hijacked”, then you’ll know. Unless the Pineapple has been restricted to what it says yes to of course…